Subject: Mail permissions
To: None <current-users@NetBSD.ORG>
From: Terry Moore <>
List: current-users
Date: 03/16/1995 19:17:21
With all these security discussions, I have a related question on mail
security issues.

	I just built and installed ELM 2.4.  I found that, to make it work,
	it had to be SGID Wheel, and I had to tweak the protections on
	my /var/mail directory as created by the NetBSD (386) 1.0
	install process.   (Elm being SGID to the mail group is a
	standard option for ELM; elm being SUID root is not, and I'm not
	about to do that anyway....)

	/usr/libexec/mail_local is SUID root.

	/var/mail was 755 protection, owned by root.wheel.

	I changed /var/mail to 775, and made elm SGID wheel, and things

	On my other systems (such as Sys V R3.2 on my 3b2s) in which
	elm is SGID, the mail directory is marked as having its own
	group (mail).  On my suns, /var/spool/mail has 777 protection,
	and the individual files have 600 protection, and user/group
	IDs appear to be set to the defaults from the user definition
	in the passwd file.  

	It appears as if NetBSD matches neither SunOS 4.1.3 nor the Sys
	V conventions.  On NetBSD 1.0, the mail files are set up
	matching SunOS, but the mail directory seems to be set up in a
	way that is more like Sys V.

	1) Is it safe for elm to be SGID wheel under NetBSD? I imagine not.

	2) What is the intended protection scheme for mail under